Great Circle Associates Firewalls
(December 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: Wingate?
From: Don Lewis <Don . Lewis @ tsc . tdk . com>
Date: Fri, 12 Dec 1997 03:49:59 -0800
To: "jimst @ enteract . com" <jimst @ enteract . com>, "'H. Morrow Long'" <morrow . long @ yale . edu>, "ark @ mpak . convey . ru" <ark @ mpak . convey . ru>, "mag @ bunuel . tii . matav . hu" <mag @ bunuel . tii . matav . hu>
Cc: "firewall-wizards @ nfr . net" <firewall-wizards @ nfr . net>, "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>
In-reply-to: James Strompolis <jimst @ enteract . com> "RE: Wingate?" (Dec 11, 11:01pm)

On Dec 11, 11:01pm, James Strompolis wrote:
} Subject: RE: Wingate?
} Yup, I think that was the hole.  Like I said, fuzzy on the details. 
}  Although, I thought there was some mention of being able to pass through 
} Wingate to the internal machine if the installer did not follow the readme 
} to change some default setting(s?) that needed to be changed.  Deerfield's 
} fix, as I remember it, was to release a new version with the default 
} changed to the opposite setting.

I don't think inside machines were at risk, I think it was just the
ability to connect from an outside machine to the Wingate machine and
hop from there to another outside machine that was a problem.

} There was some sort of script released to take advantage of it.  The author 
} pulled it very quickly when it got distributed beyond a small group of 
} people it was supposed to stay within.  I probably remember this one wrong, 
} though?

This sounds about right.  There was a lot of discussion about this in*.

} - James Strompolis
}   Aleph Consultants, Inc.
}   jimst @
 enteract .
} On Thursday, December 11, 1997 11:12 AM, H. Morrow Long 
} [SMTP:morrow .
 long @
 yale .
 edu] wrote:
} > >- James Strompolis
} > >On an older version of Wingate, there was a hole that could let anyone 
} in.
} > > It was there by design.  I'm a little fuzzy on the details now.  Do a
} > >search for Wingate on DejaNews in the computer security groups and you 
} will
} > >find articles relating to this problem.
} >
} > The hole was that the telnet proxy would allow outsiders to use your 
} proxy
} > to connect out to other sites on the Internet.  They could then hide 
} their
} > originating IP address from the ultimate destination or attempt to get
} > around US-only IP address restrictions, etc.

It's also a popular exploit for email and usenet spammers and mail bombers.
They can use this to hide their true location and deflect the consequences
of their network abuse.

Indexed By Date Previous: MS Exchange behind FW
From: Gianluigi Moxedano <g . moxedano @ arcaweb . it>
Next: Proxy Source
From: "Faggioni, Gabriele" <Gabriele . Faggioni @ COMPAQ . COM>
Indexed By Thread Previous: RE: Wingate?
From: James Strompolis <jimst @ enteract . com>
Next: RE: Wingate?
From: balderton @ woolworths . com . au

Search Internet Search